Sensitive data, stolen or damaged by a disgruntled employee, can have a direct impact on your financial objectives. Do not wait for a problem to happen. Below are some basic precautions that every employer should take to protect company data from disgruntled employees.
1. Track access. One of the most common mistakes made by employers is that they leave employee access open after termination. This is often done by accident; the employer did not remove all avenues of access, leaving behind dangerous "zombie" accounts. For many companies, employees have a number of accounts or accesses beyond their corporate e-mails. The bottom line? Know what your employees have access to.
2. Account for data and tech devices your employees own. The proliferation of personal devices used for work purposes has led to a corporate environment where the personal commingles with the work. By allowing employees to use their own equipment, the employer loses a certain amount of control. Therefore it is that much more important to have an employee sign a contractual agreement before coming on board. This will provide a clear civil recourse if the ex-employee violates that signed contract.
3. Full account revocation is the single biggest and best thing you can do. Yes, this measure may sound harsh, but even worse is what will happen if you do not revoke access. In one case a system administrator was terminated for cause. As he cleaned out his desk before he left, he deleted one file—the file that held all the encryption keys for the employees and the corporate escrow key for all the encrypted files held by the company. The 20-plus employees who used the key from the server lost access to all their encrypted files. With one keystroke, everything those employees had done for the previous three years was lost.
4. Do your back-ups. While you can recover a lot from good back-ups, it can be very difficult to recover something that was not backed up. It is a simple measure for a serious potential problem.
5. Monitor system use for aberrant behavior. You can monitor users for normal access and potentially spot "hoarding" as it occurs. This should be done in conjunction with regular scanning of all systems for viruses and malware.
While most employees remain loyal to former employers, there are those that seek revenge. Taking these small steps will help you protect the future of your organization.
Director of strategic security
Want to improve the way you run your business? Entrepreneurs, academics, and consultants from diverse industries offer practical advice on a variety of topics each business day.
To submit a tip for consideration, first check our archive of previous tips to make sure you're not repeating a tip someone has already contributed. Then send the tip to Small Business channel contributor Michelle Dammon Loyalka. Because of the volume of material she receives, she may not respond to each individual.